CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-29667
https://notcve.org/view.php?id=CVE-2024-29667
., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. • https://github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23482 – ZScalerService Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23482
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25421
https://notcve.org/view.php?id=CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421 https://www.igniterealtime.org/projects/openfire • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-25420
https://notcve.org/view.php?id=CVE-2024-25420
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421 https://www.igniterealtime.org/projects/openfire • CWE-273: Improper Check for Dropped Privileges •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24892 – Unauthorized RCE in migration-tools
https://notcve.org/view.php?id=CVE-2024-24892
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. • https://gitee.com/src-openeuler/migration-tools/pulls/12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-269: Improper Privilege Management •